Reading through the paper“ Forensic framework to identify local vs synced artefacts ” from DFRWS 2018 Europe, I came across a paragraph with several statements that I had to read twice, actually several times. The paper cited a book that I wrote in 2...

The Reality Winner case is good example where a basic investigative method still works regardless of how much publicity that the same method has received for years prior. In the Winner case, printed documents were tied to Winner based on “microdots”....

…because everyone can be an expert. One thing about the DFIR field and all of its ever-encompassing related fields, is that it is physically impossible for any one person to be an expert in the entirety of the field. To even try to be ‘that DFIR expe...